Diffstat (limited to 'packages/strongswan/patches/1001-charon-add-optional-source-and-remote-overrides-for-.patch')
-rw-r--r-- | packages/strongswan/patches/1001-charon-add-optional-source-and-remote-overrides-for-.patch | 403 |
1 files changed, 202 insertions, 201 deletions
diff --git a/packages/strongswan/patches/1001-charon-add-optional-source-and-remote-overrides-for-.patch b/packages/strongswan/patches/1001-charon-add-optional-source-and-remote-overrides-for-.patch index 081c987c..6819ca08 100644 --- a/packages/strongswan/patches/1001-charon-add-optional-source-and-remote-overrides-for-.patch +++ b/packages/strongswan/patches/1001-charon-add-optional-source-and-remote-overrides-for-.patch @@ -23,33 +23,33 @@ Signed-off-by: Timo Teräs <timo.teras@iki.fi> src/libcharon/plugins/vici/vici_config.c | 2 +- src/libcharon/plugins/vici/vici_control.c | 64 ++++++++++++++++--- .../processing/jobs/start_action_job.c | 2 +- - src/libcharon/sa/ike_sa_manager.c | 51 ++++++++++++++- + src/libcharon/sa/ike_sa_manager.c | 50 ++++++++++++++- src/libcharon/sa/ike_sa_manager.h | 8 ++- src/libcharon/sa/trap_manager.c | 45 ++++++------- src/swanctl/commands/initiate.c | 40 +++++++++++- - 11 files changed, 218 insertions(+), 47 deletions(-) + 11 files changed, 217 insertions(+), 47 deletions(-) diff --git a/src/charon-cmd/cmd/cmd_connection.c b/src/charon-cmd/cmd/cmd_connection.c -index b91c89830..55f8d224f 100644 +index 0481d78d4..805d6f198 100644 --- a/src/charon-cmd/cmd/cmd_connection.c +++ b/src/charon-cmd/cmd/cmd_connection.c -@@ -439,7 +439,7 @@ static job_requeue_t initiate(private_cmd_connection_t *this) - child_cfg = create_child_cfg(this, peer_cfg); - - if (charon->controller->initiate(charon->controller, peer_cfg, child_cfg, +@@ -438,7 +438,7 @@ static job_requeue_t initiate(private_cmd_connection_t *this) + child_cfg = create_child_cfg(this, peer_cfg); + + if (charon->controller->initiate(charon->controller, peer_cfg, child_cfg, - controller_cb_empty, NULL, 0, FALSE) != SUCCESS) + NULL, NULL, controller_cb_empty, NULL, 0, FALSE) != SUCCESS) - { - terminate(pid); - } + { + terminate(pid); + } 
diff --git a/src/libcharon/control/controller.c b/src/libcharon/control/controller.c -index 0c86275e2..baa83f440 100644 +index 3baa9342a..5abc4c1df 100644 --- a/src/libcharon/control/controller.c +++ b/src/libcharon/control/controller.c @@ -15,6 +15,28 @@ * for more details. */ - + +/* + * Copyright (C) 2014 Timo Teräs <timo.teras@iki.fi> + * @@ -73,12 +73,12 @@ index 0c86275e2..baa83f440 100644 + */ + #include "controller.h" - + #include <sys/types.h> @@ -102,6 +124,16 @@ struct interface_listener_t { - */ - ike_sa_t *ike_sa; - + */ + ike_sa_t *ike_sa; + + /** + * Our host hint. + */ @@ -89,107 +89,107 @@ index 0c86275e2..baa83f440 100644 + */ + host_t *other_host; + - /** - * unique ID, used for various methods - */ + /** + * unique ID, used for various methods + */ @@ -414,9 +446,14 @@ METHOD(job_t, initiate_execute, job_requeue_t, - ike_sa_t *ike_sa; - interface_listener_t *listener = &job->listener; - peer_cfg_t *peer_cfg = listener->peer_cfg; + ike_sa_t *ike_sa; + interface_listener_t *listener = &job->listener; + peer_cfg_t *peer_cfg = listener->peer_cfg; + host_t *my_host = listener->my_host; + host_t *other_host = listener->other_host; - - ike_sa = charon->ike_sa_manager->checkout_by_config(charon->ike_sa_manager, + + ike_sa = charon->ike_sa_manager->checkout_by_config(charon->ike_sa_manager, - peer_cfg); + peer_cfg, my_host, other_host); + DESTROY_IF(my_host); + DESTROY_IF(other_host); + - if (!ike_sa) - { - DESTROY_IF(listener->child_cfg); + if (!ike_sa) + { + DESTROY_IF(listener->child_cfg); @@ -425,6 +462,7 @@ METHOD(job_t, initiate_execute, job_requeue_t, - listener_done(listener); - return JOB_REQUEUE_NONE; - } + listener_done(listener); + return JOB_REQUEUE_NONE; + } + - listener->lock->lock(listener->lock); - listener->ike_sa = ike_sa; - listener->lock->unlock(listener->lock); + listener->lock->lock(listener->lock); + listener->ike_sa = ike_sa; + listener->lock->unlock(listener->lock); 
@@ -497,6 +535,7 @@ METHOD(job_t, initiate_execute, job_requeue_t, - + METHOD(controller_t, initiate, status_t, - private_controller_t *this, peer_cfg_t *peer_cfg, child_cfg_t *child_cfg, + private_controller_t *this, peer_cfg_t *peer_cfg, child_cfg_t *child_cfg, + host_t *my_host, host_t *other_host, - controller_cb_t callback, void *param, u_int timeout, bool limits) + controller_cb_t callback, void *param, u_int timeout, bool limits) { - interface_job_t *job; + interface_job_t *job; @@ -519,6 +558,8 @@ METHOD(controller_t, initiate, status_t, - .status = FAILED, - .child_cfg = child_cfg, - .peer_cfg = peer_cfg, + .status = FAILED, + .child_cfg = child_cfg, + .peer_cfg = peer_cfg, + .my_host = my_host ? my_host->clone(my_host) : NULL, + .other_host = other_host ? other_host->clone(other_host) : NULL, - .lock = spinlock_create(), - .options.limits = limits, - }, + .lock = spinlock_create(), + .options.limits = limits, + }, diff --git a/src/libcharon/control/controller.h b/src/libcharon/control/controller.h index b4ccfced2..7a088b122 100644 --- a/src/libcharon/control/controller.h +++ b/src/libcharon/control/controller.h @@ -79,6 +79,8 @@ struct controller_t { - * - * @param peer_cfg peer_cfg to use for IKE_SA setup - * @param child_cfg optional child_cfg to set up CHILD_SA from + * + * @param peer_cfg peer_cfg to use for IKE_SA setup + * @param child_cfg optional child_cfg to set up CHILD_SA from + * @param my_host optional address hint for source + * @param other_host optional address hint for destination - * @param cb logging callback - * @param param parameter to include in each call of cb - * @param timeout timeout in ms to wait for callbacks, 0 to disable + * @param cb logging callback + * @param param parameter to include in each call of cb + * @param timeout timeout in ms to wait for callbacks, 0 to disable 
@@ -92,6 +94,7 @@ struct controller_t { - */ - status_t (*initiate)(controller_t *this, - peer_cfg_t *peer_cfg, child_cfg_t *child_cfg, + */ + status_t (*initiate)(controller_t *this, + peer_cfg_t *peer_cfg, child_cfg_t *child_cfg, + host_t *my_host, host_t *other_host, - controller_cb_t callback, void *param, u_int timeout, - bool limits); - + controller_cb_t callback, void *param, u_int timeout, + bool limits); + diff --git a/src/libcharon/plugins/stroke/stroke_control.c b/src/libcharon/plugins/stroke/stroke_control.c index 8d84b934e..b00d0e62d 100644 --- a/src/libcharon/plugins/stroke/stroke_control.c +++ b/src/libcharon/plugins/stroke/stroke_control.c @@ -108,7 +108,7 @@ static void charon_initiate(private_stroke_control_t *this, peer_cfg_t *peer_cfg - if (msg->output_verbosity < 0) - { - charon->controller->initiate(charon->controller, peer_cfg, child_cfg, + if (msg->output_verbosity < 0) + { + charon->controller->initiate(charon->controller, peer_cfg, child_cfg, - NULL, NULL, 0, FALSE); + NULL, NULL, NULL, NULL, 0, FALSE); - } - else - { + } + else + { @@ -116,7 +116,8 @@ static void charon_initiate(private_stroke_control_t *this, peer_cfg_t *peer_cfg - status_t status; - - status = charon->controller->initiate(charon->controller, + status_t status; + + status = charon->controller->initiate(charon->controller, - peer_cfg, child_cfg, (controller_cb_t)stroke_log, + peer_cfg, child_cfg, NULL, NULL, + (controller_cb_t)stroke_log, - &info, this->timeout, FALSE); - switch (status) - { + &info, this->timeout, FALSE); + switch (status) + { diff --git a/src/libcharon/plugins/vici/vici_config.c b/src/libcharon/plugins/vici/vici_config.c -index 1ff0754f4..6a133decd 100644 +index 2a4d58eab..0e9d24d11 100644 --- a/src/libcharon/plugins/vici/vici_config.c 
+++ b/src/libcharon/plugins/vici/vici_config.c -@@ -2122,7 +2122,7 @@ static void run_start_action(private_vici_config_t *this, peer_cfg_t *peer_cfg, - DBG1(DBG_CFG, "initiating '%s'", child_cfg->get_name(child_cfg)); - charon->controller->initiate(charon->controller, - peer_cfg->get_ref(peer_cfg), child_cfg->get_ref(child_cfg), +@@ -2149,7 +2149,7 @@ static void run_start_action(private_vici_config_t *this, peer_cfg_t *peer_cfg, + DBG1(DBG_CFG, "initiating '%s'", child_cfg->get_name(child_cfg)); + charon->controller->initiate(charon->controller, + peer_cfg->get_ref(peer_cfg), child_cfg->get_ref(child_cfg), - NULL, NULL, 0, FALSE); + NULL, NULL, NULL, NULL, 0, FALSE); - break; - case ACTION_ROUTE: - DBG1(DBG_CFG, "installing '%s'", child_cfg->get_name(child_cfg)); + break; + case ACTION_ROUTE: + DBG1(DBG_CFG, "installing '%s'", child_cfg->get_name(child_cfg)); diff --git a/src/libcharon/plugins/vici/vici_control.c b/src/libcharon/plugins/vici/vici_control.c index 4c09b578d..abd7b5d4b 100644 --- a/src/libcharon/plugins/vici/vici_control.c @@ -197,7 +197,7 @@ index 4c09b578d..abd7b5d4b 100644 @@ -16,6 +16,28 @@ * for more details. */ - + +/* + * Copyright (C) 2014 Timo Teräs <timo.teras@iki.fi> + * @@ -222,33 +222,33 @@ index 4c09b578d..abd7b5d4b 100644 + #include "vici_control.h" #include "vici_builder.h" - + 
@@ -174,9 +196,11 @@ static child_cfg_t* find_child_cfg(char *name, char *pname, peer_cfg_t **out) CALLBACK(initiate, vici_message_t*, - private_vici_control_t *this, char *name, u_int id, vici_message_t *request) + private_vici_control_t *this, char *name, u_int id, vici_message_t *request) { + vici_message_t* msg; - peer_cfg_t *peer_cfg = NULL; - child_cfg_t *child_cfg; + peer_cfg_t *peer_cfg = NULL; + child_cfg_t *child_cfg; - char *child, *ike, *type, *sa; + host_t *my_host = NULL, *other_host = NULL; + char *child, *ike, *type, *sa, *my_host_str, *other_host_str; - int timeout; - bool limits; - controller_cb_t log_cb = NULL; + int timeout; + bool limits; + controller_cb_t log_cb = NULL; @@ -190,6 +214,8 @@ CALLBACK(initiate, vici_message_t*, - timeout = request->get_int(request, 0, "timeout"); - limits = request->get_bool(request, FALSE, "init-limits"); - log.level = request->get_int(request, 1, "loglevel"); + timeout = request->get_int(request, 0, "timeout"); + limits = request->get_bool(request, FALSE, "init-limits"); + log.level = request->get_int(request, 1, "loglevel"); + my_host_str = request->get_str(request, NULL, "my-host"); + other_host_str = request->get_str(request, NULL, "other-host"); - - if (!child && !ike) - { + + if (!child && !ike) + { @@ -200,31 +226,51 @@ CALLBACK(initiate, vici_message_t*, - log_cb = (controller_cb_t)log_vici; - } - + log_cb = (controller_cb_t)log_vici; + } + + if (my_host_str) + { + my_host = host_create_from_string(my_host_str, 0); 
@@ -259,73 +259,73 @@ index 4c09b578d..abd7b5d4b 100644 + } + + - type = child ? "CHILD_SA" : "IKE_SA"; - sa = child ?: ike; - - child_cfg = find_child_cfg(child, ike, &peer_cfg); - + type = child ? "CHILD_SA" : "IKE_SA"; + sa = child ?: ike; + + child_cfg = find_child_cfg(child, ike, &peer_cfg); + - DBG1(DBG_CFG, "vici initiate %s '%s'", type, sa); + DBG1(DBG_CFG, "vici initiate %s '%s', me %H, other %H, limits %d", type, sa, my_host, other_host, limits); - if (!peer_cfg) - { + if (!peer_cfg) + { - return send_reply(this, "%s config '%s' not found", type, sa); + msg = send_reply(this, "%s config '%s' not found", type, sa); + goto ret; - } + } - switch (charon->controller->initiate(charon->controller, peer_cfg, - child_cfg, log_cb, &log, timeout, limits)) + switch (charon->controller->initiate(charon->controller, + peer_cfg, child_cfg, my_host, other_host, + log_cb, &log, timeout, limits)) - { - case SUCCESS: + { + case SUCCESS: - return send_reply(this, NULL); + msg = send_reply(this, NULL); + break; - case OUT_OF_RES: + case OUT_OF_RES: - return send_reply(this, "%s '%s' not established after %dms", type, + msg = send_reply(this, "%s '%s' not established after %dms", type, - sa, timeout); + sa, timeout); + break; - case INVALID_STATE: + case INVALID_STATE: - return send_reply(this, "establishing %s '%s' not possible at the " + msg = send_reply(this, "establishing %s '%s' not possible at the " - "moment due to limits", type, sa); + "moment due to limits", type, sa); + break; - case FAILED: - default: + case FAILED: + default: - return send_reply(this, "establishing %s '%s' failed", type, sa); + msg = send_reply(this, "establishing %s '%s' failed", type, sa); + break; - } + } +ret: + if (my_host) my_host->destroy(my_host); + if (other_host) other_host->destroy(other_host); + return msg; } - + CALLBACK(terminate, vici_message_t*, 
diff --git a/src/libcharon/processing/jobs/start_action_job.c b/src/libcharon/processing/jobs/start_action_job.c index 3a0ed879f..e3399007b 100644 --- a/src/libcharon/processing/jobs/start_action_job.c +++ b/src/libcharon/processing/jobs/start_action_job.c @@ -61,7 +61,7 @@ METHOD(job_t, execute, job_requeue_t, - charon->controller->initiate(charon->controller, - peer_cfg->get_ref(peer_cfg), - child_cfg->get_ref(child_cfg), + charon->controller->initiate(charon->controller, + peer_cfg->get_ref(peer_cfg), + child_cfg->get_ref(child_cfg), - NULL, NULL, 0, FALSE); + NULL, NULL, NULL, NULL, 0, FALSE); - break; - case ACTION_ROUTE: - DBG1(DBG_JOB, "start action: route '%s'", name); + break; + case ACTION_ROUTE: + DBG1(DBG_JOB, "start action: route '%s'", name); diff --git a/src/libcharon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager.c -index 440894e9b..493599413 100644 +index f95ff19af..5ead905a8 100644 --- a/src/libcharon/sa/ike_sa_manager.c +++ b/src/libcharon/sa/ike_sa_manager.c @@ -17,6 +17,28 @@ * for more details. */ - + +/* + * Copyright (C) 2014 Timo Teräs <timo.teras@iki.fi> + * @@ -350,21 +350,21 @@ index 440894e9b..493599413 100644 + #include <string.h> #include <inttypes.h> - + @@ -1423,7 +1445,8 @@ out: } - + METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*, - private_ike_sa_manager_t *this, peer_cfg_t *peer_cfg) + private_ike_sa_manager_t *this, peer_cfg_t *peer_cfg, + host_t *my_host, host_t *other_host) { - enumerator_t *enumerator; - entry_t *entry; + enumerator_t *enumerator; + entry_t *entry; @@ -1432,7 +1455,17 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*, - ike_cfg_t *current_ike; - u_int segment; - + ike_cfg_t *current_ike; + u_int segment; + - DBG2(DBG_MGR, "checkout IKE_SA by config"); + if (my_host && my_host->get_port(my_host) == 0) + { 
@@ -377,13 +377,13 @@ index 440894e9b..493599413 100644 + + DBG2(DBG_MGR, "checkout IKE_SA by config '%s', me %H, other %H", + peer_cfg->get_name(peer_cfg), my_host, other_host); - - if (this->reuse_ikesa || peer_cfg->get_ike_version(peer_cfg) == IKEV1) - { -@@ -1449,6 +1482,15 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*, - continue; - } - + + if (!this->reuse_ikesa && peer_cfg->get_ike_version(peer_cfg) != IKEV1) + { /* IKE_SA reuse disabled by config (not possible for IKEv1) */ +@@ -1455,6 +1488,15 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*, + continue; + } + + if (my_host && !my_host->ip_equals(my_host, entry->ike_sa->get_my_host(entry->ike_sa))) + { + continue; @@ -393,66 +393,66 @@ index 440894e9b..493599413 100644 + continue; + } + - current_peer = entry->ike_sa->get_peer_cfg(entry->ike_sa); - if (current_peer && current_peer->equals(current_peer, peer_cfg)) - { -@@ -1480,6 +1523,10 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*, - return NULL; - } - ike_sa = checkout_new(this, peer_cfg->get_ike_version(peer_cfg), TRUE); + current_peer = entry->ike_sa->get_peer_cfg(entry->ike_sa); + if (current_peer && current_peer->equals(current_peer, peer_cfg)) + { +@@ -1477,6 +1519,10 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*, + if (!ike_sa) + { /* no IKE_SA using such a config, hand out a new */ + ike_sa = checkout_new(this, peer_cfg->get_ike_version(peer_cfg), TRUE); + if (my_host || other_host) + { + ike_sa->update_hosts(ike_sa, my_host, other_host, TRUE); + } - } - charon->bus->set_sa(charon->bus, ike_sa); - + } + charon->bus->set_sa(charon->bus, ike_sa); + diff --git a/src/libcharon/sa/ike_sa_manager.h b/src/libcharon/sa/ike_sa_manager.h index efad2e4d6..c43edabbb 100644 --- a/src/libcharon/sa/ike_sa_manager.h +++ b/src/libcharon/sa/ike_sa_manager.h 
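Review bot: The `my_host`/`other_host` overrides may be silently dropped when IKE_SA reuse is disabled, because the refreshed context in `checkout_by_config` (`ike_sa_manager.c`) now opens with `if (!this->reuse_ikesa && peer_cfg->get_ike_version(peer_cfg) != IKEV1)` and no hunk of the carried patch touches that branch. Its body lies outside the patch, so this is inferred: if the branch hands out a new IKE_SA and leaves the function, the `update_hosts()` call the patch adds further down under `if (!ike_sa)` is never reached. An initiate with `--source`/`--remote` (vici `my-host`/`other-host`) would then presumably proceed with the addresses from the configuration rather than the requested ones, with no error reported. Please check that branch and, if it returns early, apply the same `if (my_host || other_host) { ike_sa->update_hosts(ike_sa, my_host, other_host, TRUE); }` there.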
@@ -93,7 +93,8 @@ struct ike_sa_manager_t { - ike_sa_t* (*checkout_by_message) (ike_sa_manager_t* this, message_t *message); - - /** + ike_sa_t* (*checkout_by_message) (ike_sa_manager_t* this, message_t *message); + + /** - * Checkout an IKE_SA for initiation by a peer_config. + * Checkout an IKE_SA for initiation by a peer_config and optional + * source and remote host addresses. - * - * To initiate, a CHILD_SA may be established within an existing IKE_SA. - * This call checks for an existing IKE_SA by comparing the configuration. + * + * To initiate, a CHILD_SA may be established within an existing IKE_SA. + * This call checks for an existing IKE_SA by comparing the configuration. @@ -103,10 +104,13 @@ struct ike_sa_manager_t { - * the found IKE_SA is in the DELETING state. - * - * @param peer_cfg configuration used to find an existing IKE_SA + * the found IKE_SA is in the DELETING state. + * + * @param peer_cfg configuration used to find an existing IKE_SA + * @param my_host source host address for wildcard peer_cfg + * @param other_host remote host address for wildcard peer_cfg - * @return checked out/created IKE_SA - */ - ike_sa_t* (*checkout_by_config) (ike_sa_manager_t* this, + * @return checked out/created IKE_SA + */ + ike_sa_t* (*checkout_by_config) (ike_sa_manager_t* this, - peer_cfg_t *peer_cfg); + peer_cfg_t *peer_cfg, + host_t *my_host, host_t *other_host); - - /** - * Reset initiator SPI. + + /** + * Reset initiator SPI. diff --git a/src/libcharon/sa/trap_manager.c b/src/libcharon/sa/trap_manager.c index 2bc531b38..7220ea597 100644 --- a/src/libcharon/sa/trap_manager.c +++ b/src/libcharon/sa/trap_manager.c 
@@ -432,7 +432,7 @@ METHOD(trap_manager_t, acquire, void, - peer_cfg_t *peer; - child_cfg_t *child; - ike_sa_t *ike_sa; + peer_cfg_t *peer; + child_cfg_t *child; + ike_sa_t *ike_sa; - host_t *host; + host_t *host, *my_host = NULL, *other_host = NULL; - bool wildcard, ignore = FALSE; - - this->lock->read_lock(this->lock); + bool wildcard, ignore = FALSE; + + this->lock->read_lock(this->lock); @@ -508,36 +508,27 @@ METHOD(trap_manager_t, acquire, void, - this->lock->unlock(this->lock); - - if (wildcard) + this->lock->unlock(this->lock); + + if (wildcard) - { /* the peer config would match IKE_SAs with other peers */ - ike_sa = charon->ike_sa_manager->checkout_new(charon->ike_sa_manager, - peer->get_ike_version(peer), TRUE); @@ -468,13 +468,13 @@ index 2bc531b38..7220ea597 100644 + ike_cfg_t *ike_cfg; + uint16_t port; + uint8_t mask; - + - port = ike_cfg->get_other_port(ike_cfg); - dst->to_subnet(dst, &host, &mask); - host->set_port(host, port); - ike_sa->set_other_host(ike_sa, host); + ike_cfg = peer->get_ike_cfg(peer); - + - port = ike_cfg->get_my_port(ike_cfg); - src->to_subnet(src, &host, &mask); - host->set_port(host, port); @@ -482,7 +482,7 @@ index 2bc531b38..7220ea597 100644 + port = ike_cfg->get_other_port(ike_cfg); + dst->to_subnet(dst, &other_host, &mask); + other_host->set_port(other_host, port); - + - charon->bus->set_sa(charon->bus, ike_sa); - } - } @@ -493,16 +493,16 @@ index 2bc531b38..7220ea597 100644 + port = ike_cfg->get_my_port(ike_cfg); + src->to_subnet(src, &my_host, &mask); + my_host->set_port(my_host, port); - } + } + ike_sa = charon->ike_sa_manager->checkout_by_config( + charon->ike_sa_manager, peer, + my_host, other_host); + DESTROY_IF(my_host); + DESTROY_IF(other_host); + - if (ike_sa) - { - if (ike_sa->get_peer_cfg(ike_sa) == NULL) + if (ike_sa) + { + if (ike_sa->get_peer_cfg(ike_sa) == NULL) diff --git a/src/swanctl/commands/initiate.c b/src/swanctl/commands/initiate.c index 8ade8bf41..03b2cb0f4 100644 --- a/src/swanctl/commands/initiate.c 
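Review bot: `ike_sa->update_hosts(ike_sa, my_host, other_host, TRUE)` in the refreshed `@@ -1477,6 +1519,10 @@` hunk of `ike_sa_manager.c` is called on the result of `checkout_new()` without a NULL test. Callers of `checkout_by_config` elsewhere in this patch (`if (!ike_sa)` in `controller.c`, `if (ike_sa)` in `trap_manager.c`) treat a NULL result as possible. If `checkout_new()` is one source of that NULL, a request that carries a host override would dereference it inside the daemon instead of failing cleanly. Guard the call with `if (ike_sa && (my_host || other_host))`. The rest of `checkout_by_config` is outside the hunk.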
@@ -510,7 +510,7 @@ index 8ade8bf41..03b2cb0f4 100644 @@ -13,6 +13,28 @@ * for more details. */ - + +/* + * Copyright (C) 2014 Timo Teräs <timo.teras@iki.fi> + * @@ -534,34 +534,34 @@ index 8ade8bf41..03b2cb0f4 100644 + */ + #include "command.h" - + #include <errno.h> @@ -37,7 +59,7 @@ static int initiate(vici_conn_t *conn) - vici_req_t *req; - vici_res_t *res; - command_format_options_t format = COMMAND_FORMAT_NONE; + vici_req_t *req; + vici_res_t *res; + command_format_options_t format = COMMAND_FORMAT_NONE; - char *arg, *child = NULL, *ike = NULL; + char *arg, *child = NULL, *ike = NULL, *my_host = NULL, *other_host = NULL; - int ret = 0, timeout = 0, level = 1; - - while (TRUE) + int ret = 0, timeout = 0, level = 1; + + while (TRUE) @@ -64,6 +86,12 @@ static int initiate(vici_conn_t *conn) - case 'l': - level = atoi(arg); - continue; + case 'l': + level = atoi(arg); + continue; + case 'S': + my_host = arg; + continue; + case 'R': + other_host = arg; + continue; - case EOF: - break; - default: + case EOF: + break; + default: @@ -87,6 +115,14 @@ static int initiate(vici_conn_t *conn) - { - vici_add_key_valuef(req, "ike", "%s", ike); - } + { + vici_add_key_valuef(req, "ike", "%s", ike); + } + if (my_host) + { + vici_add_key_valuef(req, "my-host", "%s", my_host); @@ -570,17 +570,18 @@ index 8ade8bf41..03b2cb0f4 100644 + { + vici_add_key_valuef(req, "other-host", "%s", other_host); + } - if (timeout) - { - vici_add_key_valuef(req, "timeout", "%d", timeout * 1000); + if (timeout) + { + vici_add_key_valuef(req, "timeout", "%d", timeout * 1000); 
@@ -133,6 +169,8 @@ static void __attribute__ ((constructor))reg() - {"help", 'h', 0, "show usage information"}, - {"child", 'c', 1, "initiate a CHILD_SA configuration"}, - {"ike", 'i', 1, "initiate an IKE_SA, or name of child's parent"}, + {"help", 'h', 0, "show usage information"}, + {"child", 'c', 1, "initiate a CHILD_SA configuration"}, + {"ike", 'i', 1, "initiate an IKE_SA, or name of child's parent"}, + {"source", 'S', 1, "override source address"}, + {"remote", 'R', 1, "override remote address"}, - {"timeout", 't', 1, "timeout in seconds before detaching"}, - {"raw", 'r', 0, "dump raw response message"}, - {"pretty", 'P', 0, "dump raw response message in pretty print"}, --- -2.24.0 + {"timeout", 't', 1, "timeout in seconds before detaching"}, + {"raw", 'r', 0, "dump raw response message"}, + {"pretty", 'P', 0, "dump raw response message in pretty print"}, +-- +2.20.1 + |